I DOUBT IT. How can a vendor state that they can break an SSL encrypted
channel in order to detect if an attack is being propagated through it or
not? If that was the case then ecommerce would be dead right now.

Yes, they can detect certain SSL exploits and weaknesses, but neither they nor
anyone else can READ an already established and encrypted channel.

At that point you need a good host based intrusion agent on your web server
or host in question.

(As part of my "day job" I've successfully hacked several networks running
a firewall which restricted traffic to HTTP and ran IDS software...secure
port 443 is usually more than enough to get in, and the IDS systems rarely
flag me...all tests performed with permission of course!)

Makes me nervous as I admin a firewall at a third party to protect our
servers.
Were these attacks recognised ones, special or a port 443 vulnerability?
Is there anything I need to read up on here?

--
Tony Deacon
